CVE-2016-3726
Jenkins affected by Open Redirect Vulnerability
7.4 HIGH (CVSS 3.1)
EPSS 0.08%
Description
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
How to fix CVE-2016-3726
To remediate CVE-2016-3726, upgrade the affected package to a fixed version below.
- Upgrade to 2.3 or later
Is CVE-2016-3726 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.652, < 2.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |